Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11-12-2024 08:01

General

  • Target

    e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe

  • Size

    167KB

  • MD5

    e08d6963abd974a0dcc9bc86f67edf4e

  • SHA1

    6b7f8c57d6f67540b4545bd1bd52a4818516ca59

  • SHA256

    7ab5cc70f8b5777a3c55d6b9a84500d1796af80f3d558ba62516f21f384fbaa3

  • SHA512

    8315191960b1e0f60d76c6c0c2539a85de05050d75731fdb5227edc6696a47545687a39921939d877e52fecad432536b5a12b6a086d94f3da7951b4b6f739689

  • SSDEEP

    3072:4rI+ZEBpDEdMYsQj0pK/TYcIR2VYYYS2zUYYvYYUpo97:4X6u7e

Malware Config

Signatures

  • Detected Xorist Ransomware 4 IoCs
  • Xorist Ransomware

    Xorist is a ransomware first seen in 2020.

  • Xorist family
  • Renames multiple (2531) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Drivers directory 8 IoCs
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 64 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops startup file
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:2580

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

    Filesize

    311B

    MD5

    edf3d4399582c7a1e8e1db50eb8f63ae

    SHA1

    2b7d5a0b8c2f0c6a1e233f0068046b0fd801b968

    SHA256

    9c5ee7821cfe0279ee6f64936c361a251b9f1f36dd2603051063230712017ec5

    SHA512

    16433b80fca0ede9110f2315ab0689a04ec2e490858fb19650986b7f46da7d317c0dd0519813f2ae67c4bae7bf00930ef4b6fb231ce6921b0e8f2ebfde114ddf

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

    Filesize

    341B

    MD5

    b9e4b53213fbf0768465c14afabae500

    SHA1

    a5a6e1d28dd77821d22cc6ca8b59c443334d8c13

    SHA256

    111dba847b35705da806e49ef3188e06c880c499bcb249ead1837c18cb99805e

    SHA512

    0400384a5fc9759258c7c983a7694aaf5f509898f34946c0da703d6f85ad60dbf9cf873e7c0675e0bf5cd8b40e82e2e75331eee9aa74d2029b0e732dad5455e2

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

    Filesize

    222B

    MD5

    381fa34facb18afbf011d4a89e75d495

    SHA1

    7b581bea1acf3e4fe285d4a5ad1419eda3ca0e07

    SHA256

    f32b7524f825fa0575d80a4228332021516c2bd7b68af4b83e363aa1ba196e69

    SHA512

    ce95541bf19bbb45039eae201fbdceff6f679b40f34d45f363bbbe080fe561cc6e5b9edf9318ddb6ecd6ce8b6278036b0956256b0102f844b0d500c36bcc45dc

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

    Filesize

    24KB

    MD5

    b4da51d40aa783ea643025b8bb4d740e

    SHA1

    235dd420154c5b44a4121dbf840b8d070cf41e6f

    SHA256

    67e3db022810d1b191d5c7e34eabe122108afa870176c7b03831703f010fa608

    SHA512

    61f82fb8debd265303f744ad5290ba3dc1da313b436d11652f950c8ac085a1cc8d4576266bb5033bf3d3f21d4a75886838ac8b7d4bbbf85a57c1dabfbd968841

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

    Filesize

    185B

    MD5

    b4056aa8bd5d145fc7121fd455318d87

    SHA1

    079378f3b592883db47e6aaca8c99c9e1dc29b3b

    SHA256

    d9b8de4f7b29b52675f03ffbbb6741362dc6d5620d2ce4f719eff7cadae22479

    SHA512

    6b2736eb3ad9ca6f09c7f7586fce218338c9d2be8024311cdcc9bb3ab4d4e095f41dad31f37c7365af980a6b7e73eeb2054e6f62a91d463e0afedf03458d3043

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

    Filesize

    496B

    MD5

    7d2e9ce6d163caccc16c16c78441c6a3

    SHA1

    314291a552d94bdbf63c1a48c8a03ce2e6dc733b

    SHA256

    e2c98b9c72786aca1ef69f4fb3f695131b6d61c994a2924c75b4382f3cc5211e

    SHA512

    6322ac589ab35fd4ad90b3a395654d4f0deb53fed9aaf28a509e3e73bb76baeca13dc2f9dd3919c720955de5eecbcc40ddecceb1d3ef1bc81823ebdedbf31cb7

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

    Filesize

    1KB

    MD5

    bdd432f6c47fdca9af75a0b5f55501a0

    SHA1

    bf4b63c28ac1342e16918e89404b4befa9e55535

    SHA256

    a2ef54f126203bc5046cd6bfcd1064fee5f6be4a0bae0d4a1b52193603cb3975

    SHA512

    8edee3255a47095f0dcb54ed38f69f222a5177805f3786f5bfc0a6aaaa84bdf0abefecb581dac68c7d36bc25d5b46e93d385094b655396665babd2f7503d795b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

    Filesize

    341B

    MD5

    4b4bc4059f0415d022659d9a43118253

    SHA1

    dcd76dc55aa2a163d81674671e6ee0628520ee1d

    SHA256

    5c165393b29012dae580db6537a142fce21abb45cc422654ddbbad836cd3e0e2

    SHA512

    662ab95c8ccaf64b2acb861a4b259ddfa49be8c129b01fd38728bb835c141fa6f5952b61a657a38ecafce0a74ecd6ff45b78586128e9976a9be350660aaaddda

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

    Filesize

    222B

    MD5

    a38d63843851215100a0b3726d5b3746

    SHA1

    7104215d5ebaeb9719266a7047dc71e644422d9b

    SHA256

    a4e46364a7e5f7185d0f3799c6b46fbd6336f93aabdb66403f6423ac2b5eddbd

    SHA512

    64f33a91b87015837afe93c9677cbd0fb7eb1e3be2e23828cd026c98162355b628d3e58e6b34c5d83a72e0ffff987c59dfe8be4e2442e59ef4ffa5557d17cd13

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

    Filesize

    5KB

    MD5

    d1e609640ba6e836ca1c07fde6c3ffab

    SHA1

    9a6457c45b4591bb27e25eefc8909eae19521e6c

    SHA256

    5d7e28cf6b71235606a250b8f81719ea60953fe1ca0acaab9f583830a3b885a1

    SHA512

    9b51dd2d2af4f3053f30ec3fdae56131c23529a332de4dc2b00bcd9875bf3d38c80adbd1c0d76a1c52818b55bf21175eb17acd0bf14e10e03d55ca753c5a337e

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

    Filesize

    31KB

    MD5

    ec15db8eaf9406e1818239c06b9e0a57

    SHA1

    85d6bcde12413cfdede79e2e8c126f523a4bea9f

    SHA256

    cd8d1a7975bba1fa770dcd965408fbeb9980f4e9e7fb5174aa51ae245b12e4bc

    SHA512

    69cbcc91e4bbae5fc05788b94a48ce5c7f5270e1de18320588d1f0a2e92f2cad063a8cf2ff14032ea1e0c240774776b8470f14d33a83108445a668e5249c36f4

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

    Filesize

    4KB

    MD5

    ce0e23dce1709d6a5576800c13aaf7f8

    SHA1

    280e4d5e0bfacd7e216a4ea4aa0c73dcedf2cd82

    SHA256

    da115f750e4fd8b44e80e30d7dae9d6e97ac3867f95fb938796b701b057be19f

    SHA512

    820d05e2b5ce36da51846530fe382281c74ef9401b817147392099a09b05d4c8ab772c9a09f9cb02d48dac4b0217bc89ccb2762b0f6973b922dd38b2cb5bbe72

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

    Filesize

    21KB

    MD5

    2f57abf47a7c00cf52fcb337f622075b

    SHA1

    4235e7caa93f60eea4836d13999c9519c7a88261

    SHA256

    79c35b0602aa631c9918019556b8690ea4b74052f10d4fae1c63849c082cd805

    SHA512

    4d023957619e6bd91d03d4093565b7770be799c4e9df688d40bcc1f061dd3225ad6b13bba08525521f1e25563a3157b5562e1e938e0a7a73b2f13fa49d2509f5

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

    Filesize

    106B

    MD5

    c1264e48c813db5167a3850492e156c5

    SHA1

    0fba979099f8c238cc18721e3747e6a4cd2b69cf

    SHA256

    0ded0c78de7329d1c5a83fb38affa5a681de0835fa11c3dec647094250aed68f

    SHA512

    76748103d4c9ebe668e81adea75dcec1dea2996e8496a237a051d2b60b978750c8df3b49b617607be091a1e05473c8394ff24be75f2c3dd70c18f419819e0483

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

    Filesize

    8KB

    MD5

    59d1a0fe032b2546d5852cef15a8c2ca

    SHA1

    97725b0183d0f8ab2362881656679941f84547d6

    SHA256

    8ad0658fadd38e6dccb68d332bc6764af9c29048cb694365f45cba5df9013d71

    SHA512

    6c5706cd796bfdb1c8d8e0d3290833ee0168f3d0d4bbdbc8595d1615c4ccf3dbe301fad281ec2b749b3c0b0bdefa03ebb321b1eb01a8153d80970646ad0c86de

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

    Filesize

    15KB

    MD5

    b33bb8ea9e21b2dc3f2bb40e82eb1d59

    SHA1

    9e2b8f1a3bd0712f92da29444df77bcfe92b6949

    SHA256

    ebf0db6be652f63af34fd484059c71fd1ff4ac4110145e011549df4eb57c484f

    SHA512

    669056a842017565ffb11fd837981671a011abc1eb019a7a155621a5e85a52591c81cc624d52436efdde994283b0042192a54cff0c76c6fff9ec6e3eb61d9574

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

    Filesize

    6KB

    MD5

    0ad2d0043a89930656da0307bafcced4

    SHA1

    c73f91c4e6c2bc4706576cc8d06b5b4834487964

    SHA256

    1ca46660793c14e1c05ba770a177539a93932d1ad8ea84952c6a0144154f3d43

    SHA512

    c50a4343c6f955b14e48c0ef7cf71d833068c6b0554f1feb1caff527fcb3d0dec5bfbf77b9ea765fcced29f2e8eeeeed02856c26f06141d9e5b01dfa5e4052e0

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

    Filesize

    20KB

    MD5

    d8bed96e6c042168af288d09e8fd8406

    SHA1

    367131e9cb43e08b77d6c3567231a3d23eae8143

    SHA256

    d6635877c26e7c3f82ab7f44bffc61351ca972b4bb9c495367ffb4882f197570

    SHA512

    b2dfc400ddcfe0a2511f88a0533c42ff482dcca3dd3b36aaf80cb6ff24ea710701618353b62687729e94fffa2f7779d7c5de82974a517c276647574f86eca924

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

    Filesize

    6KB

    MD5

    dd2f227c372cc75558d6bc4eb45a8f8e

    SHA1

    4f0f6ae1910c50835b567eaccce2b9d7c25df25d

    SHA256

    ac97ca380993e0eac76cf6f0cd44c987893b4ab55bc0cf55cb2690adfa8d8007

    SHA512

    cc6ada4ed40ea033e3533917737151a2424969d29814a9b88050a3acc0d94e4e9cc67bc8f98d8c97dcaf63c1be16760e2bec1be9355555d18a9e9818379fc192

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

    Filesize

    15KB

    MD5

    38473dde4e6cb9e1c200c9a10038df53

    SHA1

    def5b73bd54b675f441a2e372393dacf096d7104

    SHA256

    b36317b616286b1424c746078093b768943fd4197f5b204fbb9166766f0a6171

    SHA512

    9d8607d87e9ec9d7f2cb8cdab782832fdbee2ba1110788566829efc25f77a36efa7f15e082f501621c6f1762d65f78aa48b9018b5f520f549b7d7e10d7a47f0c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

    Filesize

    2KB

    MD5

    04e9ece717fcc90ea99d2c1402d473fe

    SHA1

    7d14530d27492a7d67c9b1b9799596a502822bfe

    SHA256

    ba3ee121bcb558ee48e8e7e71f063b6e698b61c5e13d79b0c4940ec36b8e7669

    SHA512

    12d70a7158e4b61ddc9576f1ab0fcc385945b660de0afad6b353de4661993ef07622d679388c9ef0eb0bdf2dcd8c6dd184cadd90d3d5926363998997f0269dc4

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

    Filesize

    2KB

    MD5

    34cfcf8d380a69dff95a6997fe3cb3a4

    SHA1

    14a0f1a4c41af5d7c47398e80a58c7be53e0ab9f

    SHA256

    b09d56b00367c31f8a4443f3b56d24eb67b5de71e93d818595586264f45dcfe2

    SHA512

    b0536aab562365f203977b594599e431995c01c36bdaafa239ec51dad415d9fe9b147811b761b8887297d94a67dabf5cbed8b17634ded4bcab3479bd356c5176

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

    Filesize

    6KB

    MD5

    09146668e0408d10c44f01966a4bffaa

    SHA1

    3541b2d52bc6d511adb3153cb7c28365f1ca073a

    SHA256

    fd33bec0cdec1df56b459a9c7fb462ab093d250606f4a8fe0d8eab08c295735a

    SHA512

    c5f119df91aca573c1a78742f0037e1e68464f2f89f181b6d3558cf54a17bedfabad5d7566b4956816d8460ddb357368bb5c786a2e98733355234ab13f869dd9

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

    Filesize

    255B

    MD5

    8e9229d4381e06d70337112331b60ae1

    SHA1

    3812d8fa68447406968b0aa3efa6cf076af7b8d5

    SHA256

    66ea9f93d96f936367fe1bde074c6d295ebca8c33f034134dab4b59291ae31be

    SHA512

    fa09186bf7956e93f86cc85cbdbabbef3730fc910f57c94387a278b2fd8303554b0f514ff5a8b4d737e1b32629effa3175c4bd0e4d3055edee335cb34119e7e7

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

    Filesize

    323B

    MD5

    6d638e34aeb221aed4ecc608faa5d3e4

    SHA1

    bba880498df3c999788f5c56d301032ea74569e7

    SHA256

    36ba71026b6c261c7401c298d79517023fa11e980cb64607f38b1991dd0ee8af

    SHA512

    d909154b65447d15b5a0facbbf0625791c3c50190f5f243b0c69c6c2ead3f713b4cca2b38230bdfa91e3dee53bb11bfa3e2889ab64d336256a795607489a4214

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

    Filesize

    367B

    MD5

    8ed5d6c8b437b396161034663585b202

    SHA1

    7535a33c96f96818907cba1c362d7a4c798a13e8

    SHA256

    1082b5d75d9d67c01a957fad00f32fd88c320fbda2a0a41de351a901cd2ef342

    SHA512

    268e3b497b2ae77e936b7f0c943a0f3803e5bef8696d01aa62ee7cd81806dd3b82419a541dee047c69217c8cf7673da90d672ef707075f69a27eafa03f5a07ce

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

    Filesize

    148B

    MD5

    679df2f31dd275569686b76bb6699293

    SHA1

    13be297205234ea39154dba471a9b6696ae05866

    SHA256

    cedab0c2cfee6e0204d4da0131c1a9b23b0fdba61ec70abdf57b7fde137c872f

    SHA512

    e3f8399cb247b812e3036ae4792fd22b1a56d8a4b586445945ae22fbb0af619b555377715dea5ea662b5860b578d84e0b11c19fc4c87c6e85e51c752e3860892

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

    Filesize

    440B

    MD5

    78f3ba8e2ba8bbbfbc1c017a0e0580cf

    SHA1

    228db7f26a483de9cdc22c68053cb9c73fc52c4b

    SHA256

    14118a603ae9c441402dd552112577726194e9107b5b45eb1a3da1a935ae6dd8

    SHA512

    fa26a78aba44ff514780394027de4589d263e78b57bd51eb6a67d91c5091c9ea800ed8eee67bcdeb01f2f94807fe68ec85c31fe1666551bedf3c2fa8fb2e4c1c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

    Filesize

    462B

    MD5

    98329fffe05716a26bcce8fb9998d63c

    SHA1

    cc9e0a65cdfbe5a0873cbc014c3c5c4c333397ef

    SHA256

    2a4ca4c6f70d9c388724a944f1c988008aeafb4399fc12c4395f13918a780c6e

    SHA512

    c78e3fc2f4c49b810a2c272591b2d0aa2cd915aaae9fd9bf3c8590cf7794abf6f4482df60c7953c253811d4b96d54f5d82f554ab2a1fb2ada1f8bbec187e2cca

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

    Filesize

    267B

    MD5

    b209b3a271ac4e6241323104858dd131

    SHA1

    6947bad37b2ccff9fdb59b7e3a0ddfa8ae2f9898

    SHA256

    201ef76427687ff7e5d3f356c5462b7679ba5dbdc77f9fddf89d34f629ea90a3

    SHA512

    0351e941440d06d27be82eaeb34bcebc13a3b56b119da7dca2d27ae45009ce97abac1e410ccec69b02afca0bb1de2b7a5df2ae7fa82208bb2a7ea966d3c25c06

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

    Filesize

    2KB

    MD5

    4551171bb2e02dbeb408766aadb37c41

    SHA1

    314af2b9d5f482a6c28cbdfd5ea46f6cfef9f4b5

    SHA256

    49f2d91a89dcc87e2ab01de9f061c7e44bd28ab6b68d45ed9343fe9a4e7bd0f1

    SHA512

    fd4c3b237933c6f7289246effb59063d6dc5e1ae7010e6852126c2f52f265d6ef39bca5116b74f48c3527da78984b72a817c804135295bf6e81182828553a815

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

    Filesize

    233B

    MD5

    5c9cdd79b08aafb0cb484942a86cd88d

    SHA1

    61a7f4cdc461558d458f3258274a5fea3af7e8d9

    SHA256

    117e33fb83d924e74c52e777b12398798af68c06fc969d866f620eda82ed0844

    SHA512

    b7a0964cb4d936a8ee1ba2db2ed76b2d8ce374f209008a472a7133ee4e6984595b9fd111abc405eb3dbfd7fa82339a0810d3b400c82ad6cf1b5a4dd11807829b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

    Filesize

    364B

    MD5

    c4d113ab8fbbc237e2fd0a2bcb2ccb9a

    SHA1

    c6c0e97061e47a681483437a08f5a42b5bbd900a

    SHA256

    f51b30627f58aef8ddcc5a945ef3b63619811583a08413b00511f1df67070104

    SHA512

    c70440c5be957d5b4135b5548533eae529ba19276e8208c424fee06ca8fa29be273da1b1b4ed10a247e580b5908f57d95d207a3bd3cc249f7617c9d98eeb42ec

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

    Filesize

    364B

    MD5

    5a5bd2c0115e08adf6ef447601422b52

    SHA1

    0117e14c650e26e1f41c7c6f479bf23e191ebf0a

    SHA256

    0fc39024922a16b6c54e3b9e1ea17ea160dc7ce46b8d81336239153bc3619941

    SHA512

    2a6963d9d5a2cb2424afb0fd14e732de95bfd483ad3066898aeb337a53d591639f3a46b7e5dbea7494c28ac10f6aafddf29d4b720ec06a88fdd796c97dce2c6a

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

    Filesize

    6KB

    MD5

    cfbdffa417e0fd8efd65f472f4d5ca4e

    SHA1

    3142b553a0181ed3d822bd7131f1608f388418e2

    SHA256

    9d288d57494d9f5ef68b42a1969acae164cf908dcf7dc9c23a746bf1532c3324

    SHA512

    d526b023b6fedf91a932b8dfe486a6acf0defe39c7d49455adca7e04b3647418bb657d2faea1a84df119c1ab034fcce400ce1191d5d74f78f0eb24dcce3025eb

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

    Filesize

    428B

    MD5

    d7f3b78cd468f767b3ccf1c3d95c72a0

    SHA1

    139c62aeeab0fb3d7a1c84f982df5f267332e647

    SHA256

    6ad1bb497b1ea51dd0ebc888bd0f11b4b1a49819c9ee34ef87e2caad245bd5ef

    SHA512

    a42004bc4faae5984c0e004f5f9b576a39ae6d4233374199a1fb9d246ddc7a6ca819d707190a6d093b75e3ea9956457557bc4808f39b9db42230a4b947981114

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

    Filesize

    815B

    MD5

    3cd74c6dd154feb888a6cccb62b2c2e2

    SHA1

    742625ffd7f49a3ddcc64604896522db3b80720a

    SHA256

    4d065afadaa0940d90413d438efd6dd2f5c794e206e69a18f5edcf0c9efb2870

    SHA512

    dffb18622c5cfa7a91f0fdbb7953df52de35b934d29e38444eea4e2b164dbb74c4d37845ad0960a3a9f223c77c379f89cdfafdc34855105451624479ea9c0e49

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

    Filesize

    870B

    MD5

    295020d7df3713a692a3a9847a4d895b

    SHA1

    37b7dc999591d0087b55c1bd0a843eebfd284400

    SHA256

    639689f4480a61bb34a5507eb0088ec11132e25b9dcc83d4e7a098e741a3f3da

    SHA512

    675dee528d96fb78b6ebd7c3d2f0fc55cae6c530214367a8641a994cb96465ee83df92785db1897f1144864284f5deefb3aab69071344208f8d33d74c022f7e8

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

    Filesize

    3KB

    MD5

    75b29f2bd34bdd762ea5c459b20ac0b0

    SHA1

    e0fd340147a38026c30d0efc83ec239afd431aa6

    SHA256

    6609623b399b0cb1b7456b18b4481f2bbf909dcb22aba80f1b5187299153a9c4

    SHA512

    a68a12055f63f48b574d05dcaef93c7e664c8feddc3d27637898635c0c4a3c5e21d6c079d7fc39e6946f3233097b72a6c1c6a6752fcfe7c42332ee055245780b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

    Filesize

    2KB

    MD5

    231a1d89691989eafff64085c0db7a7f

    SHA1

    c91d536dad694d2b887f51ba6c791b70a8e11494

    SHA256

    8a2c1b686bc6e8c33e9b35d18c0a65b58c91c23102503c82c7346cb1c527786e

    SHA512

    c8f52dc690a9caff403aa0d7daeef98886cd447de7a421234de8dba4826869109f9a5142bb0dc80367153b929053845b3d1dbff945f469cb20b90c86154bdf0a

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

    Filesize

    19KB

    MD5

    886be17066c6505e2abc5b9f1606d9b8

    SHA1

    7f2757a4cfc86b23456a910bf9fea2233b73f686

    SHA256

    6276e7d0c9b537a342b4febdd76b5760a0c5852974786bbc2d2efeeaa2550430

    SHA512

    2bee22e54d997e02dc326409665f5b6b8957dd446aa554c31fd4ed1b19fe98cc11093dcde11e6d020a00e97f7ba79a738d971418372fde9a78ca8788ee347631

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

    Filesize

    890B

    MD5

    cc42aebfc507985dcb5103d6c898bb14

    SHA1

    eff73d81f04361012619064ecf941b73963a413c

    SHA256

    d5090062eb6d6cc7f58358b022a5b62f99d16fb722173cd3b7157be782c8495f

    SHA512

    e047edaa545c611d77894fd5f4552d824d6ad4ead118343a0fd03ce2e6883846b51d12ddb73228b1d1d6f0f7b183b9cb332e95f6f7bff7aaba44562529cc4185

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

    Filesize

    852B

    MD5

    5ecdaaef9565c1710c2f5662c2f99791

    SHA1

    5f6412526ca7bef984b9c7aae901284cddcd5218

    SHA256

    a4ee891f992b2fba3382a25f8cebe26480d4bdd21b00009387784ef294f4b8a3

    SHA512

    a6dfedccc63b5b2215eddf02081d7d7f3ddb7c11e9034d28a3137f1058a94f67fca75be99dbafb2e140dff5c2ae2085abf30652db7eaee1662c866f2edeb88e7

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

    Filesize

    860B

    MD5

    9f7bac31d9911e03c7537816c106a179

    SHA1

    3393d50d7c5d2faca4d8d3db5f2f93ff5670f522

    SHA256

    df232b3c90ec64b58b7b94a8af9ddab63502836704bfa3b6d6d7dac892d5acc5

    SHA512

    e1a623ec46f807410e5d4946134d7ab4d7cd1f34fee566d2ad7fc6ffa7f9e95cc1bc67db0adfde10f1d9e1a2f00eb26503576c42825ab12d94d41725181fcb0a

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

    Filesize

    580B

    MD5

    adda3f289e04693ff48073ea77c609b6

    SHA1

    4bb06a1e3adfaad94263b4a130f454cffdd9cbc5

    SHA256

    be1234dd8bc92e67121610d9af715b5d131b3f56621676fb4c1ee5e51cfdcd8b

    SHA512

    4016c21eb06cac19212dd54323c84b5d0f1c050275a10e4f14c2e9814764487dedeadb90d11fe8b90cbb025818ca165adfbd81a71274650615b5f8f0f2b848c5

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

    Filesize

    899B

    MD5

    7ba65380ed1b35c7ad7ef58ecaa778db

    SHA1

    e2321d218fccb259c3942a0bb9399e1468f0cb6d

    SHA256

    545b3602b582b772a520c533080cfcad95c9b997b74a7754ac58d019b6e744f0

    SHA512

    c289e8faa0befc11b9fce1889fe9e9d863fff90759f74b9aa3386555c0de506db0ca74b00e3965a8649f0cfd2f60b25f9019a815e663ee36e95af61446e7aa0e

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

    Filesize

    625B

    MD5

    0d8069485fcda84df04165399fc08012

    SHA1

    19fa3d5bf68a57701f024376c1dd7474d14b3609

    SHA256

    835e3fdf281469682193b4f9218bbaa5ab8d1bd0968fd9db899bf69840452909

    SHA512

    aaf6906258be1b0a7c520751e7cf61bff0459297a4164995db1063c21dab4f6459f5cb03ea7b4d07ec857992dbabdc9003fae243a766e37894d69912c69ddd55

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

    Filesize

    873B

    MD5

    70f6551b1faab8335f03bb64bd73f3e6

    SHA1

    68e0e71ff764bbed4d91c7531f50ed4137f1d403

    SHA256

    17cb765940a0f5b8f5396d6d080320f6ec05f0b8cdcfbdcd11a94fe1c2857e64

    SHA512

    e8f2128c3762cdf774f3af4e2f38e0296f32a955553306fe21790f495971a7ad09a50f75818746d822a692fe3d71e8fd917412ca036eba25386a4035a142410b

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

    Filesize

    5KB

    MD5

    01c6fb640d4fa9db9dfa0783d19968de

    SHA1

    cac865a9df53ad38121568ad44902573a7f29202

    SHA256

    3e754c4c7935f62bfbaa95c947dd9a3caa483bfc1f6cca243c58ef84d95db36c

    SHA512

    66387eae968004d282acf695f4dd7bd1e65e940409cf7ea10ec0fac8cfe693914d0035d089b7befb36997eced4a2c2bd6ae173b7ae06f4ec51447e17575e0352

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

    Filesize

    1KB

    MD5

    812ef0aacb246fd2f9530b226caa350e

    SHA1

    5d383f6b66f1eb08fe240d43551acfa5edbe99d3

    SHA256

    c20eabb7d774bc28466fec5d708f60e5765339ecbbeb04a64623c8a672e56c77

    SHA512

    4b45cdedeeb749681835ee2a256c717aaa563fb129d915c800bc58a13d56118ad7932c7a87bc9d1f2e7698a483e91c38c6075422f2646d351b111046fd1fea5e

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

    Filesize

    615B

    MD5

    d3dccf9b8c8fdcff8778b7c31e75e4ee

    SHA1

    05d0c315782f0550f0b00cf9e2a1b6deb06da237

    SHA256

    888718e1db3412308e4d96059c180d9dbb520647cb9576fce7bb8e53d02b030d

    SHA512

    a48b79f05766804b6a9e3971bcc1e68a360b6bae4e40a2bb0768742f55efd290e35dab7bc5999d4d47d5f17efd4bfc2bd52666eb22172761eb54ebef53c001c1

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

    Filesize

    848B

    MD5

    6867656d3689873a659131e317e644ab

    SHA1

    7a16b1d07611e3a16f64e41322e7b7d8f1ae24e6

    SHA256

    c7ec3f458db1394196db7292d4794eb6ee766ce0f627554fdb774fbe563b905e

    SHA512

    829201433b614258755cb2726f5f8ef9cae4c755e2207987f2d58d959c1cd622870a90553e4e38a6ee8e631bbb7531ab450bdbab960e6f7563d0bdd44455f29a

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

    Filesize

    847B

    MD5

    8a9792f3630eb7eca062b40fc624f5e8

    SHA1

    09d3c8650c923b17cab371147859e33791e9bb64

    SHA256

    4feeb072a352256e37851c19ff06347e93da019794f10e4f969d9dfa9b0045c0

    SHA512

    88b4684c4858db95d6b3c1b9cd1e4cf67f099d1cff83b484d4ef86cbd21f1abb787c951da1c2c6c96abf5c7d01aba88c49a81a90ebea775e931f44a86e05e593

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

    Filesize

    869B

    MD5

    56b6883cc0ca936f107ef4a2950d97f7

    SHA1

    bc13f3f49be9cc91232efcb5a14d0a10c7308af9

    SHA256

    0e6b99f51de4bc8006c7cd4fbdd71f91660da8019285a2f5608196b79696f75d

    SHA512

    98acc04a7ee1963e168e7fe42eec0be53872857293e74a8a90c9632c808875d628341131b2561281a5678175397bdd5d4b5bee032f766f5256fc427794ae3481

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

    Filesize

    847B

    MD5

    7fd243c1abc56f71bedd46a5a85e7885

    SHA1

    0115e5adc77df54360f41ea68e0afe233a152422

    SHA256

    faf73dad994c35e07364c7632de9b94db7ad2ea8e43995c872e9af7d036109f2

    SHA512

    cb8ce79b3def001443688963ba92dca11ee3f3fe641fc8fea59501394bb6aa6e3d00075f96f3174132798b95929b14f63d4ecb59a8aefadf08b94d5a7f5ccf92

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

    Filesize

    863B

    MD5

    2328b1a684f62eb5787f360bc7b873cb

    SHA1

    ce08b4691689d802ca884766274d9b3cdfdb8553

    SHA256

    9bb457b0669ef0cb1338d2b084135245f58a94d74df5c6474811181e8ae0628a

    SHA512

    8424d17ed8e74014362205510db0032f345847564597b22a8f9b800b72f4b563f47f513961dcd8b069df2c70e85632a8ab0f613dd9ad4c1aa9cb20ddd99a455d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

    Filesize

    861B

    MD5

    0aef98a3178205e4feffa5f9cefc50ec

    SHA1

    9af4b84fb6f51fc39f83097d119aa51b988e01de

    SHA256

    3550f85c08b4078ad297ef93d8f882d4a109c1da30b465f3d58b1ad501eab8ad

    SHA512

    ec1c66e6622499107a3546f20744973174cdb3d3b992198cbe39e5f6a9b09e3a7c714f2f4d21dce4896f7737fafe42e9931b24817e36167070421144d1d8014f

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

    Filesize

    850B

    MD5

    57d114bc34bdc26bcbb719ed348c291b

    SHA1

    c5b4013742082ca193e2ceeb33a677bfa501182c

    SHA256

    bb4f612edc66cd87506d7c048077fe7858b303be66067f1b43f6fadcb201e4e4

    SHA512

    1aa774e4ffcd9ed556fd254e9ea98392a403de1645aa550a87d25e586157bbf88283ff2c7b43d5613abcb7d341a4495ff845a8ab8e3ee41b26f9fb6436331efa

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

    Filesize

    883B

    MD5

    80640b22f4504802cc3dafdbc34648e7

    SHA1

    5cd499c74190dae0755ff3690ab12ad912f53618

    SHA256

    96df4d6a13c18e7e414a790630945b92323a6e1183932ec42f085a76d3266a0e

    SHA512

    e9fc7ea002697584fa0a41f79d23c8be260cc40cf931429db2bb020f81684e98ab15641937deead9885be3ed4b50d086373823c2ac66d2254f16ad2905ab90e1

  • C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

    Filesize

    153B

    MD5

    b2c878016f854f614eae23054c96467e

    SHA1

    8ce5f8f8c30b1e03dc405235a9194767a1008466

    SHA256

    d3980f752d066125e74dc259902022a3538a4ab1d91287aab8c2a39379e60474

    SHA512

    e3620dd338b6b31dbe092317b7c22b4e1944f719c99438d4c01265a20a47579be5f6caecab889522fec321d37c51c41571836e0a7700174c8e90480c78459715

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

    Filesize

    12KB

    MD5

    eadfc89880df1f5495b7d7b4d0047a8a

    SHA1

    9c1979bba318788c90f0c7200fc9f86a2d6cf560

    SHA256

    8038fa52303133bf365ab30655b2f02867ee717f5bafbe28d2c5aa087b29b899

    SHA512

    0ba80adbcc353de3d789b360a9ec87a77a5b93c9ead2c5e2a3ff7ad08bdcc1a4f4481e7b907deb19e987ef31bf4bed1002a5508334563cb6dbb6c7f215077000

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

    Filesize

    8KB

    MD5

    749088b4ebb5187c801739d539e34875

    SHA1

    6b8345fa6d87231eb6c4324ef1b6595800cd8faa

    SHA256

    858b706e091f5250bc13b79c93ecd93be271e69e9cea94fe27d2e9c1a0ffa902

    SHA512

    749f52ba6144ad4f959ec765ed85a26aac1b876ee1babc21e2ddf334512eac80f9687a468faed350c5aa287c7a9160e0f9b40f2877b7125e121999548448e5ac

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

    Filesize

    11KB

    MD5

    9c6cefd1f98f979fe84c2d2884d4eb8e

    SHA1

    f49903632c35197a26330b16b64798cfdb330511

    SHA256

    8e621ebf5c5b713d6c55ffba09a6dd1a958930ae60c13401cc1444118cd991f7

    SHA512

    8d286256b254beacc98fb7c55c2675aecc007c3613d7b061ca5c60f79fe546a62819d5c6a6953ebc38369c7f7d8be8856f35e1d3d0f88320c15dfe9e349cc3a2

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

    Filesize

    109KB

    MD5

    0dfb052b7a4e60d3a3b4c8dbf5ebe19a

    SHA1

    ecbb31a1a8f34151e86f85b6105341bb2f9cadc3

    SHA256

    c4470d9c09d7d5b8da63b64780a3c639e0f25df97e63c015bba55d290991de09

    SHA512

    d2c1d29de3b71d8b05f2f286bd2acb551a8f0e951ec611bf1a3671bb9615b470b5c8a649c72d1bcfe3bc26ea8574f46f7cfca4232781e4fd665e9fede65e9a72

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

    Filesize

    172KB

    MD5

    bfacf8e7caff2fcbe157afa7b6c3ab98

    SHA1

    d8d12a5d7968c812b69a7d47b590d7ecbf9aa8ce

    SHA256

    fad6c44829d5b8ff07dceb6b0571dd661383ee047f8447fccfb807d02961ea5d

    SHA512

    b972b07d2d179ee3a3886fb91a4f3030e92f0f3dfb358043b039cb98b4ef0c5fa2db949e0c05bbc67c4835a77495c380f93c6967d97ee3bf5f9067b956cd1350

  • C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

    Filesize

    1KB

    MD5

    2e8e6ebf5cc359f461fc2308d8fdc601

    SHA1

    7749515d7ae56f65003f46cfdcaaaa0c5273b362

    SHA256

    bdc95f9200d035ad71701a8109f60994767ab126dcfb9dd22dc1cea5b6c1c29d

    SHA512

    2024d3e4904dd43381b3a68de6efa13bbe3e718f317f6180f7be822e4b9b0f372ce4772c131247d8fd8fe8947c2eddae167b57c36368c81a6e5a5e9762ade8be

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

    Filesize

    49B

    MD5

    2fb408fa4e066829075e6dfb2619464f

    SHA1

    70c0f86d13275c907454c37bac1299f3034d7bd0

    SHA256

    18d2e0ca13e6b8d7ba690d203b3cd2fce231301b59388de6da59cf697c331450

    SHA512

    e95a3ba73a2a432e51364dd4dbac30f568ce8b39022c120012ae7fefb94e0a922a39897c8b7861b8cd5ebcb5274ddfaeb1d18ad9c67b7eed8721b28417388a04

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

    Filesize

    21KB

    MD5

    1d3325cc916e9d1d52a894345b1680cb

    SHA1

    702097874d63f72e031f9f0b06815213e52c23b6

    SHA256

    07c930ffc212d47a874b453e5bede5204fea0e61db01fd3f8b23d2b7ec31b4e8

    SHA512

    5744503015c3cd0a06b6365102af54ee4f8c07fa74280eca60554fa3d518964fea8b8d9ffd396d93f1984b042c5ff772fd288a58df90816e37e6af1e33c1d570

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

    Filesize

    1KB

    MD5

    09e52e14cb4a7973628716800e4e14dc

    SHA1

    72eb0175c693955567c30b0d13dee45a5a49a5a9

    SHA256

    a4a20488be846ded77db824977e113a106e589452c54ef6c707070f9ac2a901e

    SHA512

    6767e9816b56bad32aea174894d9d65f86016f7bd1fce2356bbd9c7b611df29d06e24e98d9fbb9f6381030cacdb5e007b6ee91dbfede5389fd366e02087fd7fc

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

    Filesize

    952B

    MD5

    64a6a28010dfcefb70e322d964b2429c

    SHA1

    6d4e730eb27ec7583ec7838e8299edaea7c5a67e

    SHA256

    8bb51432779b211f141a44696688bda9a4b3c93ca807ae38afd81ded6fdf471b

    SHA512

    35d802b218b724438b1c730ff5126a661ac24dc96feb25959375f6c9603f529c0da0a204afb11faf81c8bcfc2d746e346e52a1f6e0786a814f09e6f670324a57

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

    Filesize

    121B

    MD5

    d98239746b9e6e4a4f77ef6cb7b69f5b

    SHA1

    113a01385c3428a1bc95673e0701e9cb399aec6c

    SHA256

    f269be75d765ac024a5ef1b52d0909cab313a10554875befa04d598c5681cfaa

    SHA512

    8ada09f4c4c24ce18a9a7161bcda4150500ab9dfdc6f4078b2258cbbb61753de3427df11dc617084e312b7121f684e472f04d8fc83655664057650aad239e878

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

    Filesize

    1KB

    MD5

    37ae686587eaae24e532fe5160a3f845

    SHA1

    4957c177ae29c7dad8133f071ab88aa9a4b6df33

    SHA256

    691cde514dbc60b4571c6c65aeb101372a236bd17d4ac45ba88fed55434dbe01

    SHA512

    838d8b6aac7f61e14d968058aa82ddff26cc1790568fedbfd41027a305fa44fa4e253fb1b625c40bebe70931b5f6d43c1e95ef8ead924370618d8867c032a6e0

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

    Filesize

    8KB

    MD5

    dcc8edabdf54ea28859dbf2b2a7044b2

    SHA1

    872031d1222df3925d65dee0073646ad706eed0a

    SHA256

    318f1541522bf21e82183ed64f739ea1bba2b0cee4ab071a4eed0e1e7e5e01be

    SHA512

    d93743ba14ef2f688ef70334cb79dec4ceb609f1f8d9e40962b04e2fe3c4e363225e5f055e8cb9db915bb05a7501ba38fa31da69c093e20336b6c16808bdcd37

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

    Filesize

    61B

    MD5

    fcb6ba66484314910d3db6cfe8eeca36

    SHA1

    7c0e4c4bd445b6e73144a272cd36e1324487f04f

    SHA256

    92dd7183705135e292170b9f3f5286b1a5e93f9ba80ebbef4f0847097a18534d

    SHA512

    bd0ec42fd544c68adb60919385df54a9dc008fbad22de3473458610f3ff1d9b80cbd472680dc133940e631c351f59a3ad0bdd6a18d6b1dea9efccb6115407bd5

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

    Filesize

    914B

    MD5

    3fb15dafa06586e7dc33b6296bb0d888

    SHA1

    f15d1795db2c010970405f677003ebb65395b5d7

    SHA256

    4033aebe6bebbbdfe94beee155925c461165e51382ba75cdd93eb35732c213ef

    SHA512

    c91a4cae2fd45a0290a0ea7432fe8d2d4d605039b90a7f54368ffbeb5fdbd7aabf5ebe8d6a3042686e23d626890bb052224ad9d26fdc9c071c910f1de5bb08bd

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

    Filesize

    90B

    MD5

    c3abe78fd5837bf035798c7b816af5fb

    SHA1

    7f50450cc109d00fc8ba7fe490128afe466de0f7

    SHA256

    974fe6ba7a2e611e2befa57a2366c44c20520f7085a7ac00a64e535e8978ee59

    SHA512

    9b5c6d6ba0b91dd249e5a4c40027257595a4e79cde4bf2bafb1db0b3b1b4239ecff6c4757b9a5bea4b7d6a4880fb231efbc3d6bea97df5d5a91b82f0bd1ad8c9

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

    Filesize

    90B

    MD5

    91a0a7b8c2d9a111fc7c10acd975ab93

    SHA1

    fcb8cb2dbac67e2922dcb1de9d37741180ac2200

    SHA256

    c8b22def06ecab1bffb7c4bcb09b7150676c0707b135aa6362b3e32e9f30db73

    SHA512

    3bcdcef51c83925548c5179cdf52a2512ec8947560da85702d3b46fb9ed343b88371e2e8788e1b2326041081467e7636c7de1f01f0e782c77da0ff2288e21703

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

    Filesize

    328B

    MD5

    1a1d381e1d130f957a227e3402cdbc60

    SHA1

    3e5976991b97bdd481dd36957c54e41aa9dcd9dd

    SHA256

    79c82725ad7202fde2a12fd6ba414601cf211049cffa0215daecb68fb55b2f14

    SHA512

    585be953fb0f06dbd07d2a95253fa829dc1ca8611caa90d30c89d9f2ebdd21bdf146de1bc4fa6a05b519e5cca5265b9389068e148ae95b63baa78b785e8862a1

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

    Filesize

    1KB

    MD5

    bec64a2f6ac55c7835d193be3c3ee9c6

    SHA1

    d77334e9329b5e3e7546be71f7a7e776b939e2e7

    SHA256

    4166d40220c459c03afb2f083c99278c75485bce0200c0ed18d33a04be78c450

    SHA512

    e4a5d87b4d1af90402678e5e393cd60619292190f03697d2bb1d98d05c5167feb5594da48a5f95db43b6590116ceeb220a49f4f989a4fe4137f1d027b8395edf

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

    Filesize

    162B

    MD5

    5f3cb496aa9c4143b46d5b93990e2ea8

    SHA1

    6e757737cd0afdb78c43a582e6f7e3359c186e64

    SHA256

    989c57f1151285b622fef9429d8ba0437814a09fae56aab0d4cd11205e60f942

    SHA512

    fd3a0fe8d04771ff83f173de0a2ffe548bc33323f22b02a811a62dd2687fa3cf25f239ba3a9a6477f8f19aeb195b9042df67735b120d03fb3d8b7748e71c3dd9

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

    Filesize

    586B

    MD5

    e32d9bf7adb2047bf292fa3aa0072c24

    SHA1

    2f24b2c5e9456c7b0b457bc32e84f77f8f88edcb

    SHA256

    68225918a62b508ad11c616be14cb888d39480a8bff0ab8c72e322ce10339ed7

    SHA512

    489cdc8a4f084c75c2883cf30ef74af6531e5552dddd3f5170ea07d967043aac120ab7687a635d92434a3646261d6c3d2fb9eee82da16306a9e33108b5798944

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

    Filesize

    124B

    MD5

    c0cd80923a2a087599b7afc2f575332c

    SHA1

    473c3b183c393fb75d26bb7768d5e9f326313146

    SHA256

    d5ab7240b560e1e761a2473a115b14dedc6dcaff466c4dc1ac95364c85776bb5

    SHA512

    0d90cffa3d2b6e3ff41a3fe86f039f30343418825c2d83eb19e0d8a0d7da8a7b1d325b78ac66ece4fb1d68b83a4f4ee01c19a29e769bddf13a6850e76ffaf839

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

    Filesize

    65B

    MD5

    d6f0f6fc1ba217da1b0ffbf198e5ae72

    SHA1

    f1047aa675d7710f222d2f671157940e3b9923ea

    SHA256

    c11278970c8edee49cb821e26a8c161778ad07643e58ebad7b7b7074eae101f7

    SHA512

    840f102731258bbf12e931d9a15eea70b0f11a0d05de79eef56fe545febba495f2caf71427655b12038cd9f0cba51ccfc237935a1ff90a1a5a3dc2c43a9214bd

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

    Filesize

    65B

    MD5

    99883e4ff825f96937d5ce41c63e4cb6

    SHA1

    447b5a9a39d0539acb038a62ba3a87af864ca8e4

    SHA256

    afc76e72295f02347e422bb6905e709ba37d651b70c65f83b865fa576a9cf654

    SHA512

    0d85a8b08d8a7b886549b5fa5b8d01e22ff55f2f5950b1952024771d4f4a6ae7a2ab5654636620d4a98373473eb6318cb721f864e2d38a9805ee36cf06080ae4

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

    Filesize

    8KB

    MD5

    428a2d59b920bf12563ffa39c58b6a98

    SHA1

    7d2dbf8487c7b04c2afddfa4af0f0f7a7e1d9daa

    SHA256

    8566f6e66975382ff313ca82bb83f52623a5de52b6c42f2fc078ae99aae3d0b0

    SHA512

    09f7b178f6793248a9597ca3831a530721aaac9e9681b5358fe31af7c277b03fa6e71771551927e36b993bc0ef06dd87d9cbceb2d63f9270098fa0b14966d072

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

    Filesize

    65B

    MD5

    a9a7602a94b1289896d5976ac77afc72

    SHA1

    af9aecb7d399722a0735760f9ab2d3ea1ed38933

    SHA256

    7c68407f107bcf206b4e2101f86f04b34e0c14df8319c771e6d3a08fe66e20d4

    SHA512

    cffede1e9727912035db5c66f90c010c717ff93a50dbc4230b88f660db906a5e0016c1a990bcdafb47be0b28f8e2787aa7aeab5efadce4bac0372c3871de850d

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

    Filesize

    65B

    MD5

    0d718c0def2f2163475f0759b14d0484

    SHA1

    7c76908169780975a392548550b7e1b87aa44b78

    SHA256

    57acdb07130122056b09da925b254e12b80ca640e08460ff40de19d04bdff9a5

    SHA512

    eae4741d3660a3c7485326aa39da593945507fc9b7e7ce5fc2b4d71417edadd316611bc7e57216c3668ecef87285362c806c092659404c8bab2c4a0e0b853b15

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

    Filesize

    880B

    MD5

    fb1fc16fb6691647e700d16cc25a64a5

    SHA1

    9bb8bfc1bc8202175c9679ef17cb3b915d7779da

    SHA256

    bc8a225f9bad69badc1db203912d9819b1a4d334b3295d588c3739113e2768c0

    SHA512

    0875e17df74878aec20076c0455ed507dbcf25ca39932e74265d15840ac6fb9933bfba1893486127bdd91663c7277bb0edfb4b1e80b2e42de226befc1fb56aff

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe

    Filesize

    32KB

    MD5

    2736df30bd3d3c1b11a8319f2b83ab8a

    SHA1

    7202b5e5623fd5c6b09177ba9d66dfdf6b30b7d5

    SHA256

    482b79f30778134526f88f61a2b76f63bac4919278acc7990e6e27bbff989aaa

    SHA512

    e14eb86bc0a1c3917671df47e9b1e7f8f223187d21c236298970bc801f841175dbc1fd6b3ced76816a532064662aeb24f3d5b7b5ca66c7ad38d3171508f89047

  • memory/2580-7-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

  • memory/2580-9570-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

  • memory/2580-9571-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

  • memory/2580-9825-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

  • memory/2580-9826-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB